TDGSS LdapClientMechanism Property | Teradata Vantage - LdapClientMechanism - Advanced SQL Engine

TDGSS LdapClientMechanism Property | Teradata Vantage - LdapClientMechanism - Advanced SQL Engine - Teradata Database

Security Administration

Product

Advanced SQL Engine

Teradata Database

Release Number

17.05

17.00

Published

September 2020

Language

English (United States)

Last Update

2021-01-23

dita:mapPath

ied1556235912841.ditamap

dita:ditavalPath

lze1555437562152.ditaval

dita:id

B035-1100

lifecycle

Product Category

Teradata Vantage™

The LdapClientMechanism property specifies the bind type TDGSS must use to bind the user, during LDAP user authentication. See LDAP Binding Options.

sasl/digest-md5 (default)
Although the sasl/digest-md5 setting is the default (for legacy compatibility), it is not recommended for use.
simple (recommended)

The LdapClientMechanism property appears by default in the library configuration file for the LDAP mechanism. Other mechanisms do not support this property.
To reset the value from the default, you must manually add this property to the TDGSS configuration file for the LDAP mechanism. See About Editing Configuration Files.
Edit this property on database nodes and on the Unity server, if used. Also see Coordinating Mechanism Property Values for Unity.
Change the setting to simple to support simple binds.
Regardless of the LdapClientMechanism setting, Teradata strongly recommends that you also setup SSL or TLS protection to guard against man-in-the-middle and other attacks. See SSL/TLS Protection Options.